List: bugtraq
Subject: MyBB XSS cross-site scripting
From: addmimistrator () gmail ! com
Date: 2005-12-31 8:25:26
Message-ID: 20051231082526.28498.qmail () securityfocus ! com
Hey
This is a security bug in the printthread.PHP script of MyBB (all versions, also fully patched) that allows XSS cross-site scripting hacking and can be exploited without limitation. Post this message on a thread and go to the print view of the thread to view execution of the exploit.
<script language=javascript>document.write("<script language=javascript>a"+"lert('Security bug allows XSS Cross-site scripting hacking found by imei')</"+"script>");</script>
This bug is the result of poor htmlspecialchars checking in the printthread view of a topic and can be exploited without any limitation against cookies.
be beauty
imei
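
Added example, not part of the original post and not MyBB's own code: the message attributes the bug to missing htmlspecialchars handling in the print view, so this sketch contrasts a print-view renderer that echoes the stored post body as-is with one that encodes it on output. The function names, the `$post` array layout and the sample post are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample post standing in for a stored forum message.
// The field names are assumptions, not MyBB's schema.
$post = [
    'subject' => 'print view <b>test</b>',
    'message' => "<script>alert('xss')</script>\nsecond line of the post",
];

// Hypothetical helper: encode untrusted text for an HTML body or
// quoted-attribute context. ENT_QUOTES also encodes single quotes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern described in the report: the stored message reaches the
// print view without output encoding, so markup in it is live.
function render_print_row_unsafe(array $post): string
{
    return '<h3>' . $post['subject'] . "</h3>\n"
         . '<div>' . nl2br($post['message']) . "</div>\n";
}

// Hardened form: encode first, then apply presentation helpers such
// as nl2br() so that only the renderer's own tags remain as markup.
function render_print_row_safe(array $post): string
{
    return '<h3>' . h($post['subject']) . "</h3>\n"
         . '<div>' . nl2br(h($post['message'])) . "</div>\n";
}

$unsafe = render_print_row_unsafe($post);
$safe   = render_print_row_safe($post);

// Self-check: the raw tag survives only in the unsafe rendering.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('unsafe renderer unexpectedly encoded input');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '<b>') !== false) {
    throw new RuntimeException('safe renderer left user markup unencoded');
}

echo $safe;
```

Every alternate view of the same stored data (print, archive, preview, RSS) needs the same encoding step, since a filter applied only in the main thread view leaves the others exposed.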